Impala Public Jenkins has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/12405 )
Change subject: IMPALA-8154: Disable Kerberos auth_to_local setting ...................................................................... IMPALA-8154: Disable Kerberos auth_to_local setting Before KRPC, the local name mapping was done from the principal name entirely. With KRPC, Impala started to use the system auth_to_local rules as the Kudu security code has "--use_system_auth_to_local=true" by default. This can cause regression if local auth is configured in the krb5.conf (e.g. with SSSD with AD) as we started enforcing authorization based on Kerberos principal after this commit (https://github.com/apache/impala/commit/5c541b960491ba91533712144599fb3b6d99521d) This change fixes the problem by explicitly setting FLAGS_use_system_auth_to_local to false during initialization. Testing done: Enabled auth_to_local in a Kerberized cluster to map "impala/<hostname>" to foobar and verified queries still worked as expected. Change-Id: I0b0ad79b56cd5cdd3108c6f973e71a9416efbac8 Reviewed-on: http://gerrit.cloudera.org:8080/12405 Reviewed-by: Impala Public Jenkins <[email protected]> Tested-by: Impala Public Jenkins <[email protected]> --- M be/src/rpc/authentication.cc 1 file changed, 5 insertions(+), 0 deletions(-) Approvals: Impala Public Jenkins: Looks good to me, approved; Verified -- To view, visit http://gerrit.cloudera.org:8080/12405 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: I0b0ad79b56cd5cdd3108c6f973e71a9416efbac8 Gerrit-Change-Number: 12405 Gerrit-PatchSet: 3 Gerrit-Owner: Michael Ho <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Reviewer: Michael Ho <[email protected]> Gerrit-Reviewer: Thomas Marshall <[email protected]>
